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DETAILED ACTION 
Status of Claims 

1. This communication is in response to amendment filed October 14, 2005, where 
applicant amended claims 35-37,40,41,44,45,47,48,50,52-56,63-68, and cancelled claims 
38,39,43,46,58-62. Claims 35-37,40-42,44,45,47-57,63-68 are pending. 

Response to Arguments 

2. Applicant's arguments filed 10/14/2005, with respect to claims 35-68 have been 
considered but are not persuasive. 

3. Examiner appreciates applicants amendments which attempts to further clarify and more 
distinctly claim the invention. However, the claims remain broad and are thus rejected as 
explained below. 

4. Applicant argues that Gershman fails to disclose a system wherein the "personal profile 
data" are stored in one application and the "personal protection profile information" controlling 
the access to that personal profile data are maintained in a separate central protection server. 

In reply f it is noted that the features upon which apphcant relies (i.e., personal protection 
information is stored and maintained in the central server) are not recited in the rejected claim(s). 
Although the claims are interpreted in light of the specification, limitations fi*om the specification 
are not read into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 
1993). The claims broadly state the central server as "having access to personal protection 
information. . .". A server "having access" to information does not mean that the protection 
information is stored on the server and is separate from the profile. Rather it means that the 
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server is able to obtain the protection information in some unmentioned way. Therefore, the 
claims are broadly interpreted in this way, and is explained in the rejection that follows below. 

5. Applicant argues that Gershman does not disclose concealing the user identity. 

In reply, it is noted that the features upon which applicant rehes (i.e., concealing the user 
identity) are not recited in the rejected claim(s). Although the claims are interpreted in light of 
the specification, limitations from the specification are not read into the claims. See Zr? ra Van 
Gems, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Abstract / Specification 

6. The abstract is objected to because of the following informalities: 
Change "concealed for an" to "concealed fer from an". 

7. The disclosure is objected to because of the following informalities: 

In paragraph [0012] of the PG-PUB specification, lines 4-5, change "possible for for 
example companies" to "possible for^ for example^ companies". 

In paragraph [0012] of the PG-PUB specification, lines 9-10, change "enable for example 
for an" to "enable for example^ for an". 

In paragraph [0018] of the PG-PUB specification, line 3, change "Particularly is for 
each" to "Particularly is for each". 

In paragraph [0018] of the PG-PUB specification, line 6, change "denoted a DTD 
agreement" to "denoted as a DTD agreement/'. 

Appropriate correction is required. 
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Claim Rejections - 35 USC § 112 

8. The following is a quotation of the second paragraph of 35 U.S. C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claindng the 
subject matter which the applicant regards as his invention. 

9. Claim 35 rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. The Umitation "wherein said requesting application requesting said ..." on line 20 
and on, is unclear. Examiner suggests replacing the second occurrence of 'requesting' with 
' requests ', if this is what applicant intended. Otherwise the limitation is unclear. (AppUcant is 
requested to correct any subsequent claim that contains this occurrence). 

10. Claim 35 recites the limitation "said access request" in line 16. There is insufficient 
antecedent basis for this Umitation in the claim. (Applicant is requested to correct any subsequent 
claim that contains this occurrence). 

Claim Rejections - 35 USC § 102 

1 1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

12. Claims 35-41,43-47,57-59,61,63,65 and 66rejected under 35 U.S.C. 102(e) as being 
anticipated by Gershman et al (US Patent No 6,199,099). 
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13. In reference to claims 35,58,63 and 66, Gershman teaches a system, a personal profile 
control network and a method for distributing and maintaining end-user personal profile data in a 
data communications system, said system providing communication between applications using 
said personal profile data, the system comprising: 

a central protection server having access to personal protection profile information, 
wherein said personal protection profile information stored information for a particular user as to 
which personal profile data associated with said particular user is accessible by which particular 
application (column 32 line 50 - column 33 line 5, column 4 lines 44-46&55-67 and column 35 
lines 7-12, Gershman discloses a central profile gateway server that has access to user profiles 
where the owner of the profile specifies accessibility permissions by way of profile Personas); 

a requesting appUcation for requesting access to certain personal profile data associated 
with a particular user, said user being identified by a first user identity (column 34 lines 55-67, 
merchants request access); 

an information providing appUcation having access to said certain personal profile data 
associated with said user (column 34 hues 55-67, Gershman discloses a central profile gateway 
server); 

wherein said central protection server receives said access request for said certain 
personal profile data from said requesting application and grants or rejects said request by 
evaluating the associated personal protection profile information for said particular user (column 
34 lines 55-67); 

wherein said requesting application requesting said certain personal profile data fi"om said 
information providing application in response to said central protection server granting said 
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access request (column 34 lines 55-67, if it is granted permission then it inherently requests 
information). 

14. In reference to claim 36, Gershman teaches the system according to claim 35, wherein 
there is one access means for each of said requesting appUcation and said information providing 
apphcation (column 35 Unes 5-40 and figures 17 & 18). 

1 5. In reference to claim 37, Gershman teaches the system according to claim 35, wherein 
said central protection server provides a second user identity to the requesting application in 
response to said access request being granted, wherein said second user identity identifies the 
user within said information providing application and wherein said requesting application 
requests said certain personal profile data from said information providing application using said 
second user identity (column 35 lines 5-40 and figures 17 & 18). 

16. In reference to claim 40, Gershman teaches the system according to claim 35, wherein the 
personal protection profile information are assigned one of a number of security levels, a lowest 
security level indicating that all personal profile data access is prevented for every application, 
and a highest security level indicating that all personal profile data is freely available (column 35 
lines 5-60). 

17. In reference to claims 41 and 59, Gershman teaches the system according to claims 36 
and 58, wherein an interface between said requesting application and said respective access 
means comprises an Application Programmable Interface based on a generic markup language 
(column 9 line 10 - column 10 line 10). 



Application/Control Number: 09/976,500 Page 7 

Art Unit: 2157 

18. In reference to claim 43, Gershman teaches the system according to claim 41 , wherein 
access to requested end-user personal profile data is granted or rejected by the central server in 
communication with the requesting application. 

19. In reference to claims 44 and 64, Gershman teaches the system according to claims 35 
and 63, wherein access to said requested personal profile data is granted or rejected by the 
central server in communication with the information providing appUcation (column 34 line 45 - 
column 35 line 11). 

20. In reference to claims 45 and 65, Gershman teaches the system according to claims 35 
and 63, wherein access to said requested personal profile data is granted or rejected by the 
central server in communication with the requesting application and the information providing 
application (column 34 line 45 - column 35 line 1 1). 

21 . In reference to claim 47, Gershman teaches the system according to claim 36, wherein 
user identity translating means are provided in the access means of the requesting application 
(column 34 line 45 - column 35 line 1 1). 

22. In reference to claim 57, Gershman teaches the system according to claim 35, wherein at 
least some of the appUcations include respective cache memory for temporarily holding 
information about access requests, and a previously used session can be reused at least for a 
given time period (columns 32-34). 
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Claim Rejections - 35 USC§103 

23. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

24. Claims 42,48-51 and 60 rejected under 35 U.S.C. 103(a) as being unpatentable over 
unpatentable over Gershman (US Patent No 6,199,099) in view of Weschler (US Patent No 
6,757,720). 

25. In reference to claims 42 and 60, Gershman teaches the system according to claims 41 
and 59, including HTML (column 9 lines 10-40). Gershman fails to explicitly teach wherein the 
generic markup language is XML. However, Weschler does teach managing profile data via a 
profile service engine (Abstract and column 4 lines 45-67). Weschler discloses using a markup 
language such as XML for the usefulness of it dynamic formatting capabilities (column 8 lines 
20-40 and column 9 lines 50-67). 

It would have been obvious for one of ordinary skill in the art to modify Gershman by 
making the markup language as XML as per the teachings of Weschler for the usefulness of it 
dynamic formatting capabilities. 

26. In reference to claim 48, Gershman teaches the system according to claim 35. Gershman 
fails to explicitly teach wherein a general Document Type Definition (DTD) is defined to allow 
flow of personal data between said requesting application and said information providing 
application. However, Weschler teaches managing profile data via a profile service engine 
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(Abstract and column 4 lines 45-67). Weschler discloses DTD's for authenticating request 
messages (column 9 lines 50-67 and column 16 lines 18-65). 

It would have been obvious for one of ordinary skill in the art to modify Gershman by 
giving DTD's for data flow as per the teachings of Weschler since it is a structure of markup 
languages for providing authentication. 

27. In reference to claim 49, Gershman teaches the system according to claim 48. Gershman 
fails to explicitly teach wherein for each user a specific user DTD agreement is given (Weschler , 
column 9 lines 50-67 and column 16 lines 18-65). 

28. In reference to claim 50, Gershman teaches the system according to claim 36. Gershman 
fails to expUcitly teach wherein said access request for said personal profile data is transported 
from the requesting application to its access means using Remote Method Invocation (RMI) 
(Weschler , column 8 lines 25-67). 

29. In reference to claim 51, Gershman teaches the system according to claim 50. Gershman 
fails to explicitly teach wherein the request is transported as an XML transport object tagged 
with information about the requested end-user personal profile data (Weschler , column 8 lines 
20-40 and column 9 lines 50-67). 

30. Claim 52 rejected under 35 U.S.C. 103(a) as being unpatentable over unpatentable 
over Gershman (US Patent No 6,199,099) in view of Hoyle (US Patent No 6,771,290). 

Gershman teaches the system according to claim 36, using HTTP and other protocols 
including secure protocols (column 9 lines 16-20 and column 35 lines 17-22). Gershman fails to 
explicitly teach wherein an HTTPS protocol is used for communication between the access 



Application/Control Number; 09/976,500 Page 10 

Art Unit: 2157 

means of the requesting or information holding application and the central protection server. 
However, "Official Notice" is taken wherein HTTPS is a well-known security protocol for 
communication over HTTP, as is taught by Hoyle (column 12 lines 5-15). 

It would have been obvious for one of ordinary skill in the art to modify Gershman by 
making the HTTP communication into HTTPS protocol as per the teachings of Hoyle for the 
purpose of secure communication over HTTP. 

31. Claims 53-56,61,66 and 67 rejected under 35 U.S.C. 103(a) as being unpatentable 
over unpatentable over Gershman (US Patent No 6,199,099) in view of Hind et al (US 
Patent No 6,826,690). 

32. In reference to claims 53 and 67, Gershman teaches the system according to claims 36 
and 66. Gershman fails to explicitly teach wherein the access means of the information 
requesting or providing application includes means for encrypting the user identity. However, 
Hind teaches encryption of the originator of the message (Summary and column 9 lines 40-67). 

It would have been obvious for one of ordinary skill in the art to modify Gershman 
wherein the access means of the information requesting or providing application includes means 
for encrypting the user identity associated with the requested end-user profile as per the 
teachings of Hind for the purpose of secure participation of entities in communication. 

33. In reference to claims 54,62 and 68, Gershman teaches the system according to claims 
36,61 and 66. Gershman fails to expUcitly teach wherein the request is digitally signed with at 
least one of a private key of the access means of the requesting apphcation and a private key of 
the access means of the information providing application. However, Hind teaches generating a 
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digital signature for a request using a servers private key for secure communication purposes 
(Summary and column 13 lines 30-60), 

It would have been obvious for one of ordinary skill in the art to modify Gershman 
wherein the request is digitally signed with at least one of a private key of the access means of 
the requesting appUcation and a private key of the access means of the information providing 
application as per the teachings of Hind for the purpose of secure participation of entities in 
communication. 

34. In reference to claim 55, Gershman teaches the system according to claim 54, wherein the 
request is digitally signed with a private key of the central protection server, and a digital 
signature of the access means are verified in the central protection server (Hind, Summary and 
column 13 lines 30-60). 

35. In reference to claim 56, Gershman teaches the system according to claim 55, wherein the 
central server means comprises means for encrypting at least the second user identity used by the 
information providing apphcation (Hind, Summary and column 13 lines 30-60). 

36. THIS ACTION IS MADE FINAL. Apphcant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
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CFR 1. 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ramy M. Osman whose telephone number is (571) 272-4008. 
The examiner can normally be reached on M-F 9-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001 . The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an appUcation may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or PubHc PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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December 17, 2005 



